GHSA-w3pj-wh35-fq8w: GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

GHSA-23qp-3c2m-xx6w: wasmvm: Malicious smart contract can crash the chain

The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.

**Go SSH library vulnerable to Man-in-the-Middle attacks**

High severity GitHub Reviewed Published Feb 7, 2023 to the GitHub Advisory Database • Updated Feb 7, 2023

Headline

GHSA-xhjq-w7xm-p8qj: Go SSH library vulnerable to Man-in-the-Middle attacks

ghsa: Latest News